wimax/i2400m: fix oops when the TX FIFO fills up due to a missing check

When the TX FIFO filled up and i2400m_tx_new() failed to allocate a new TX message header, a missing check for said condition was causing a kernel oops when trying to dereference a NULL i2400m->tx_msg pointer. Found and diagnosed by Cindy H. Kao. Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>

wimax/i2400m: fix oops when the TX FIFO fills up due to a missing check
When the TX FIFO filled up and i2400m_tx_new() failed to allocate a new TX message header, a missing check for said condition was causing a kernel oops when trying to dereference a NULL i2400m->tx_msg pointer. Found and diagnosed by Cindy H. Kao. Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>
59063afa · Inaky Perez-Gonzalez · b4bd07e3 · 59063afa
Commit 59063afa authored May 27, 2009 by Inaky Perez-Gonzalez
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

drivers/net/wimax/i2400m/tx.c drivers/net/wimax/i2400m/tx.c +2 -0

No files found.
--- a/drivers/net/wimax/i2400m/tx.c
+++ b/drivers/net/wimax/i2400m/tx.c
@@ -653,6 +653,8 @@ int i2400m_tx(struct i2400m *i2400m, const void *buf, size_t buf_len,
 		i2400m_tx_close(i2400m);
 		i2400m_tx_new(i2400m);
 	}
+	if (i2400m->tx_msg == NULL)
+		goto error_tx_new;
 	if (i2400m->tx_msg->size + padded_len > I2400M_TX_BUF_SIZE / 2) {
 		d_printf(2, dev, "TX: message too big, going new\n");
 		i2400m_tx_close(i2400m);